what Is Claimed Is; 



1 . A communication network system having a central 
management device and a plurality of local area network systems, 
said central management device and said plurality of local area 
network systems being connected to each other, each of the 
plurality of local area network systems having a router and a 
terminal which are connected to each other via a local area 
network, 

said central management device comprising: 

a management database for storing at least one 
common key, each public key assigned to each router and a public 
key assigned to the central management device; and 

a central-side encryption unit for encrypting the 
common key by using each public key assigned to each router, 
and sending the encrypted common key to each router; 
said router comprising: 

a first router-side decryption unit for decrypting 
the encrypted common key sent from said center-side encryption 
unit by using a secret key of the router; 

a storage unit for storing the common key after 
decryption by said first router-side decryption unit; and 

a router-side encryption unit for encrypting 
communication data to be sent from a first source terminal in 
a local area network system of the router to a first destination 
terminal in another local area network system, or communication 
data to be sent from the router to the central management device. 
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by using the common key stored in said storage unit, and sending 
the encrypted communication data to another local area network 
or the central management device. 

2 . The communication network system according to 

claim 1, wherein 

said central-side encryption unit encrypts the public 
keys and sends said encrypted public keys to each router, 
said first router-side decryption unit decrypts the 
encrypted public keys sent from the central-side encryption 
unit by using the secret key of the router, 

said storage unit stores the public keys after decryption 
by said first router-side decryption unit, and 

said router-side encryption unit selects the public key 
for a router of another local area network system or the central 
management device to be a destination from the public keys 
stored in the storage unit, encrypts the common key by using 
the selected public key, and sends the encrypted common key to 
another local area network or the central management device, 
together with the encrypted communication data. 

3. The communication network system according to 
claim 1, wherein 

said management database further stores secret 
25 concealment terminal data indicating a combination of one 
terminal in one of the plurality of local area network systems 
and another terminal in another of the plurality of local area 
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network systems, data communicated between one and another 
terminals of said combination being required to be encrypted; 

said central-side encryption unit encrypts the secret 
concealment terminal data by using each public key assigned to 
5 each router, and sends the encrypted secret concealment 
terminal data to each router, 

said first router-side decryption unit decrypts the 
encrypted secret concealment terminal data sent by the 
central-side encryption unit by using the secret key of the 
10 router, 

said storage unit stores the secret concealment terminal 
data after decryption, and 

said router-side encryption unit encrypts the 
communication data if the combination of the first source 
15 terminal and the first destination terminal is contained in the 
secret concealment terminal data. 



4* The communication network system according to 
claim 1, wherein said router further comprises: 
20 a second router-side decryption unit for decrypting data 

sent from a second source terminal in another local area network 
system to a second destination terminal in the local area 
network system of the router, and sending the data after 
decryption to said second destination terminal. 

25 

5. The communication network system according to 
claim 4, wherein 
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said management database further stores secret 
concealment terminal data indicating a combination of one 
terminal in one of the plurality of local area network systems 
and another terminal in another of the plurality of local area 
network systems, data communicated between one and another 
terminals of said combination being required to be encrypted , 

said central-side encryption unit encrypts said secret 
concealment terminal data by using each public key assigned to 
each router r and sends the encrypted secret concealment 
terminal data to each router, 

said first router-side decryption unit decrypts the 
encrypted secret concealment terminal data sent by the central 
side encryption unit, by using the secret key of the router, 

said storage unit stores the secret concealment terminal 
data after decryption, and 

said second router-side decryption unit decrypts the 
communication data if the combination of the second source 
terminal and the second destination terminal is contained in 
the secret concealment terminal data. 

6. The communication network system according to 
claim 1, wherein 

if the common key stored in the management database is 
updated, said central-side encryption unit encrypts the updated 
common key and sends the updated and encrypted common key, and 
said first router-side decryption unit decrypts the updated and 
encrypted common key, and said storage unit substitutes the 
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already stored common key by the updated common key after 
decryption, for storage. 
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7. The communication network system according to 
5 claim 2, wherein 

if the public key stored in the management database is 
updated, said central-side encryption unit encrypts the updated 
public key and sends the updated and encrypted public key, and 
said first router-side decryption unit decrypts the updated and 
10 encrypted public key, and said storage unit substitutes the 
already stored public key by the updated public key after 
decryption, for storage. 

8. The communication network system according to 
15 claim 3, wherein 

if said secret concealment terminal data stored in the 
management database is updated, said central-side encryption 
unit encrypts the updated secret concealment terminal data and 
sends the updated and encrypted secret concealment terminal 
20 data, and said first router-side decryption unit decrypts the 
updated and encrypted secret concealment terminal data, and 
said storage unit substitutes the already stored secret 
concealment terminal data by the updated secret concealment 
terminal data after decryption, for storage. 
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9. The communication network system according to 
claim 5, wherein 
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if said secret concealment terminal data stored in the 
management database is updated, said central-side encryption 
unit encrypts the updated secret concealment terminal data and 
sends the updated and encrypted secret concealment terminal 
data, and said first router-side decryption unit decrypts the 
updated and encrypted secret concealment terminal data, and 
said storage unit substitutes the already stored secret 
concealment terminal data by the updated secret concealment 
terminal data after dec4yption, for storage. 

10 • A communication method in a communication network 
system having a central management device and a plurality of 
local area network systems, said central management device and 
said plurality of local area network systems being connected 
to each other, each of the plurality of local area network 
systems having a router and a terminal which are connected to 
each other via a local area network, comprising steps of: 

in said central management device, 

encrypting at least one common key stored in a 
management database in advance by using each public key assigned 
to each router, each public key being stored in said management 
database in advance; and 

sending the encrypted common key to each router; 

and 

in said router, 

decrypting the encrypted common key sent from the 
central management device by using a secret key of the router; 
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encrypting communication data to be sent from a 
source terminal in a local area network system of the router 
to a destination terminal in another local area network system, 
or communication data to be sent from the router to the central 
management device by using the common key; and 

sending the encrypted communication data to 
another local area network or the central management device. 

11. A router disposed in each of a plurality of local 
area network systems which are connected to a central management 
device, the router being connected via a local area network to 
a terminal disposed in each of the plurality of local area 
network systems, the router comprising: 

a decryption unit for decrypting an encrypted common key 
sent from said central management device, by using a secret key 
for said router, said common key being encrypted by using a 
public key for the router; 

a storage unit for storing said common key after 
decryption by said decryption unit; and 

an encryption unit for encrypting communication data to 
be sent from a source terminal in a local area network system 
of said router to a destination terminal in another local area 
network system, or communication data to be sent from said 
router to the central management device, by using the common 
key stored in said storage unit, and sending the encrypted 
communication data to another local area network or the central 
management device. 



12. A communication method of a router in each of a 
plurality of local area network systems which are connected to 
a central management device, said router being connected to a 
terminal via a local area network, comprising steps of: 

decrypting an encrypted common key sent from said central 
management device by using a secret key for said router, said 
common key being encrypted by using a public key for said router; 

storing the common key after decryption in a storage unit 

in the router; 

encrypting communication data to be sent from a source 
terminal in a local area network system of the router to a 
destination terminal in another local area network system, or 
communication data to be sent from the router to the central 
management device, by using the coiranon key stored in the storage 
unit; and 

sending the encrypted communication data to another local 
area network or to the central management device. 

13. A program product executed by a router disposed in 
each of a plurality of local area network systems which are 
connected to a central management device, the router being 
connected via a local area network to a terminal disposed in 
each of the plurality of local area network systems, said 
program product comprising steps of: 

decrypting an encrypted common key sent from the central 
management device by using a secret key of the router, said 



common key being encrypted by using a public key of the router; 

storing said common key after decryption in a storage unit 
of the router; 

encrypting communication data to be sent from a source 
terminal in a local area network system of the router to a 
destination terminal in another local area network system, or 
communication data to be sent from the router to the central 
management device, by using the common key stored in the storage 
unit ; and 

sending the encrypted communication data to another local 
area network or to the central management device. 

14. A central management device connected to a 
plurality of local area network systems each having a router 
and a terminal which are connected to each other through a local 
area network, the central management device comprising: 

a management database for storing at least one common key, 
each public key assigned to each router and a public key assigned 
to said central management device, said at least one common key 
being used by each router to encrypt communication data to be 
communicated between a terminal of a local area network system 
and a terminal of another local area network system, or between 
each router and the central management device; and 

an encryption unit for encrypting the common key by using 
each public key assigned to each router, and sending the 
encrypted common key to each router. 
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15. A management method of a central management device 
connected to a plurality of local area network systems each 
having a router and a terminal which are connected to each other 
through a local area network, the management method comprising 
steps of: 

storing in a management database and managing at least 
one common key, each public key assigned to each router and a 
public key assigned to said central management device, said at 
least one common key being used by each router to encrypt 
communication data to be communicated between a terminal in a 
local area network system and a terminal in another local area 
network system, or between a router and the central management 
device; 

encrypting the common key by using each public key 
assigned to each router; and 

sending the encrypted common key to each router. 

16. A program product executed by a computer installed 
in a central management device connected to a plurality of local 
area network system each having a router and a terminal which 
are connected to each other through a local area network, said 
program product comprising steps of: 

storing in a management database and managing at least 
one common key, each public key assigned to each router and a 
public key assigned to said central management device, said at 
least one common key being used by each router to encrypt 
communication data to be communicated between a terminal in a 



local area network system and a terminal in another local area 
network system, or between a router and the central management 
device; 

encrypting the common key by using each public key 
5 assigned to each router; and 

sending the encrypted common key to each router. 
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